Ransomware, or malware that holds your computer hostage until you pay a “ransom” (hence the name – clever, huh?), has been around for a while. Today we became aware of a particularly crafty new strain is now posing as law enforcement.
The software informs the user that he or she has all sorts of illicit material on their computer, and that the software is locking the computer down until a “fine” is paid. If the fine is not paid – the hard drive will supposedly be erased.
Granted, this attack will only be successful on people that are technologically-ignorant enough to believe that child pornography somehow accidentally snuck onto their system, and that law enforcement would send a pop-up instead of showing up at your house and kicking your door in (hint for those that don’t know: it’s the latter). However, it’s a nice reminder that you can never be too sure when it comes to clicking stuff.
The bad guys on the Internet aren’t dumb – they know that human beings are emotional creatures. Just as advertisers and politicians do everything possible to elicit an emotional response out of you that will cause to buy their product or candidate, malware writers are fully aware that the best way to get you to click stuff is to generate an emotional response.
“Click here to save the kitties.”
“Click this or go to jail.”
“Click here to see Britney Spears naked.”
Each of these appeals is designed to generate an emotional response that will cause you to click on something. It’s one of the basics of the sort of ‘hacking’ that is really dangerous – social engineering. As any security professional will tell you, the biggest threat to your data is probably you. Install lots of firewalls, anti-virus, intrusion prevention and detection systems, etc. These are all well and good. They can also all be subverted with a simple mouse click from a user that just wants to save the planet, save themselves, or save Britney Spears from those constricting clothes.
Stop being so emotional, and you’ll start being a lot safer on the Internet.